Detections
Analytics

CVE-2007-0957

critical

Description

Stack-based buffer overflow in the krb5_klog_syslog function in the kadm5 library, as used by the Kerberos administration daemon (kadmind) and Key Distribution Center (KDC), in MIT krb5 before 1.6.1 allows remote authenticated users to execute arbitrary code and modify the Kerberos key database via crafted arguments, possibly involving certain format string specifiers.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/33411

http://www.vupen.com/english/advisories/2007/1983

http://www.vupen.com/english/advisories/2007/1470

http://www.vupen.com/english/advisories/2007/1250

http://www.vupen.com/english/advisories/2007/1218

http://www.us-cert.gov/cas/techalerts/TA07-109A.html

http://www.us-cert.gov/cas/techalerts/TA07-093B.html

http://www.ubuntu.com/usn/usn-449-1

http://www.securitytracker.com/id?1017849

http://www.securityfocus.com/bid/23285

http://www.securityfocus.com/archive/1/464814/30/7170/threaded

http://www.securityfocus.com/archive/1/464666/100/0/threaded

http://www.securityfocus.com/archive/1/464592/100/0/threaded

http://www.redhat.com/support/errata/RHSA-2007-0095.html

http://www.mandriva.com/security/advisories?name=MDKSA-2007:077

http://www.kb.cert.org/vuls/id/704024

http://www.debian.org/security/2007/dsa-1276

http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2007-002-syslog.txt

http://security.gentoo.org/glsa/glsa-200704-02.xml

http://secunia.com/advisories/25464

http://secunia.com/advisories/24966

http://secunia.com/advisories/24817

http://secunia.com/advisories/24798

http://secunia.com/advisories/24786

http://secunia.com/advisories/24785

http://secunia.com/advisories/24757

http://secunia.com/advisories/24750

http://secunia.com/advisories/24740

http://secunia.com/advisories/24736

http://secunia.com/advisories/24735

http://secunia.com/advisories/24706

http://lists.apple.com/archives/Security-announce/2007/Apr/msg00001.html

Details

Source: Mitre, NVD

Published: 2007-04-06

Updated: 2021-02-02

Risk Information

CVSS v2

Base Score: 9

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical